Merge "Move policy enforcement into REST API layer for v2.1 api attach_interfaces"

2015-03-10 03:45:24 +00:00 · 2015-03-10 03:45:24 +00:00 · e5ed57dc3f
commit e5ed57dc3f
parent 1a86d0de28 62842e5ae0
2 changed files with 46 additions and 4 deletions
--- a/nova/api/openstack/compute/plugins/v3/attach_interfaces.py
+++ b/nova/api/openstack/compute/plugins/v3/attach_interfaces.py
@ -30,8 +30,7 @@ from nova import network
 ALIAS = 'os-attach-interfaces'
-authorize = extensions.extension_authorizer('compute',
+authorize = extensions.os_compute_authorizer(ALIAS)
                                            'v3:' + ALIAS)
 def _translate_interface_attachment_view(port_info):
@ -49,8 +48,8 @@ class InterfaceAttachmentController(wsgi.Controller):
    """The interface attachment API controller for the OpenStack API."""
    def __init__(self):
-        self.compute_api = compute.API()
+        self.compute_api = compute.API(skip_policy_check=True)
-        self.network_api = network.API()
+        self.network_api = network.API(skip_policy_check=True)
        super(InterfaceAttachmentController, self).__init__()
    @extensions.expected_errors((404, 501))
--- a/nova/tests/unit/api/openstack/compute/contrib/test_attach_interfaces.py
+++ b/nova/tests/unit/api/openstack/compute/contrib/test_attach_interfaces.py
@ -427,3 +427,46 @@ class InterfaceAttachTestsV2(InterfaceAttachTestsV21):
    def test_attach_interface_instance_with_non_array_fixed_ips(self):
        pass
 class AttachInterfacesPolicyEnforcementv21(test.NoDBTestCase):
    def setUp(self):
        super(AttachInterfacesPolicyEnforcementv21, self).setUp()
        self.controller = \
            attach_interfaces_v21.InterfaceAttachmentController()
        self.req = fakes.HTTPRequest.blank('')
        self.rule_name = "compute_extension:v3:os-attach-interfaces"
        self.policy.set_rules({self.rule_name: "project:non_fake"})
    def test_index_attach_interfaces_policy_failed(self):
        exc = self.assertRaises(
            exception.PolicyNotAuthorized,
            self.controller.index, self.req, fakes.FAKE_UUID)
        self.assertEqual(
            "Policy doesn't allow %s to be performed." % self.rule_name,
            exc.format_message())
    def test_show_attach_interfaces_policy_failed(self):
        exc = self.assertRaises(
            exception.PolicyNotAuthorized,
            self.controller.show, self.req, fakes.FAKE_UUID, FAKE_PORT_ID1)
        self.assertEqual(
            "Policy doesn't allow %s to be performed." % self.rule_name,
            exc.format_message())
    def test_create_attach_interfaces_policy_failed(self):
        exc = self.assertRaises(
            exception.PolicyNotAuthorized,
            self.controller.create, self.req, fakes.FAKE_UUID, body={})
        self.assertEqual(
            "Policy doesn't allow %s to be performed." % self.rule_name,
            exc.format_message())
    def test_delete_attach_interfaces_policy_failed(self):
        exc = self.assertRaises(
            exception.PolicyNotAuthorized,
            self.controller.delete, self.req, fakes.FAKE_UUID, FAKE_PORT_ID1)
        self.assertEqual(
            "Policy doesn't allow %s to be performed." % self.rule_name,
            exc.format_message())